[5/9] tools/arch/x86: intel_sdsi: Add support for reading state certificates
Commit Message
Add option to read and decode On Demand state certificates.
Link: https://github.com/intel/intel-sdsi/blob/master/state-certificate-encoding.rst
Signed-off-by: David E. Box <david.e.box@linux.intel.com>
---
tools/arch/x86/intel_sdsi/intel_sdsi.c | 268 ++++++++++++++++++-------
1 file changed, 198 insertions(+), 70 deletions(-)
Comments
Hi,
On 11/1/22 20:10, David E. Box wrote:
> Add option to read and decode On Demand state certificates.
>
> Link: https://github.com/intel/intel-sdsi/blob/master/state-certificate-encoding.rst
>
> Signed-off-by: David E. Box <david.e.box@linux.intel.com>
Thanks, patch looks good to me:
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Regards,
Hans
> ---
> tools/arch/x86/intel_sdsi/intel_sdsi.c | 268 ++++++++++++++++++-------
> 1 file changed, 198 insertions(+), 70 deletions(-)
>
> diff --git a/tools/arch/x86/intel_sdsi/intel_sdsi.c b/tools/arch/x86/intel_sdsi/intel_sdsi.c
> index c0e2f2349db4..9dd94014a672 100644
> --- a/tools/arch/x86/intel_sdsi/intel_sdsi.c
> +++ b/tools/arch/x86/intel_sdsi/intel_sdsi.c
> @@ -22,11 +22,24 @@
>
> #include <sys/types.h>
>
> +#ifndef __packed
> +#define __packed __attribute__((packed))
> +#endif
> +
> +#define min(x, y) ({ \
> + typeof(x) _min1 = (x); \
> + typeof(y) _min2 = (y); \
> + (void) (&_min1 == &_min2); \
> + _min1 < _min2 ? _min1 : _min2; })
> +
> #define SDSI_DEV "intel_vsec.sdsi"
> #define AUX_DEV_PATH "/sys/bus/auxiliary/devices/"
> #define SDSI_PATH (AUX_DEV_DIR SDSI_DEV)
> #define GUID 0x6dd191
> #define REGISTERS_MIN_SIZE 72
> +#define STATE_CERT_MAX_SIZE 4096
> +#define STATE_MAX_NUM_LICENSES 16
> +#define STATE_MAX_NUM_IN_BUNDLE (uint32_t)8
>
> #define __round_mask(x, y) ((__typeof__(x))((y) - 1))
> #define round_up(x, y) ((((x) - 1) | __round_mask(x, y)) + 1)
> @@ -49,6 +62,7 @@ struct availability {
> uint64_t reserved:48;
> uint64_t available:3;
> uint64_t threshold:3;
> + uint64_t reserved2:10;
> };
>
> struct sdsi_regs {
> @@ -63,17 +77,55 @@ struct sdsi_regs {
> uint64_t socket_id;
> };
>
> +#define CONTENT_TYPE_LK_ENC 0xD
> +#define CONTENT_TYPE_LK_BLOB_ENC 0xE
> +
> +struct state_certificate {
> + uint32_t content_type;
> + uint32_t region_rev_id;
> + uint32_t header_size;
> + uint32_t total_size;
> + uint32_t key_size;
> + uint32_t num_licenses;
> +};
> +
> +struct license_key_info {
> + uint32_t key_rev_id;
> + uint64_t key_image_content[6];
> +} __packed;
> +
> +#define LICENSE_BLOB_SIZE(l) (((l) & 0x7fffffff) * 4)
> +#define LICENSE_VALID(l) (!!((l) & 0x80000000))
> +
> +// License Group Types
> +#define LBT_ONE_TIME_UPGRADE 1
> +#define LBT_METERED_UPGRADE 2
> +
> +struct license_blob_content {
> + uint32_t type;
> + uint64_t id;
> + uint64_t ppin;
> + uint64_t previous_ppin;
> + uint32_t rev_id;
> + uint32_t num_bundles;
> +} __packed;
> +
> +struct bundle_encoding {
> + uint32_t encoding;
> + uint32_t encoding_rsvd[7];
> +};
> +
> struct sdsi_dev {
> struct sdsi_regs regs;
> + struct state_certificate sc;
> char *dev_name;
> char *dev_path;
> int guid;
> };
>
> enum command {
> - CMD_NONE,
> CMD_SOCKET_INFO,
> - CMD_DUMP_CERT,
> + CMD_STATE_CERT,
> CMD_PROV_AKC,
> CMD_PROV_CAP,
> };
> @@ -168,20 +220,56 @@ static int sdsi_read_reg(struct sdsi_dev *s)
> return 0;
> }
>
> -static int sdsi_certificate_dump(struct sdsi_dev *s)
> +static char *license_blob_type(uint32_t type)
> +{
> + switch (type) {
> + case LBT_ONE_TIME_UPGRADE:
> + return "One time upgrade";
> + case LBT_METERED_UPGRADE:
> + return "Metered upgrade";
> + default:
> + return "Unknown license blob type";
> + }
> +}
> +
> +static char *content_type(uint32_t type)
> +{
> + switch (type) {
> + case CONTENT_TYPE_LK_ENC:
> + return "Licencse key encoding";
> + case CONTENT_TYPE_LK_BLOB_ENC:
> + return "License key + Blob encoding";
> + default:
> + return "Unknown content type";
> + }
> +}
> +
> +static void get_feature(uint32_t encoding, char *feature)
> +{
> + char *name = (char *)&encoding;
> +
> + feature[3] = name[0];
> + feature[2] = name[1];
> + feature[1] = name[2];
> + feature[0] = name[3];
> +}
> +
> +static int sdsi_state_cert_show(struct sdsi_dev *s)
> {
> - uint64_t state_certificate[512] = {0};
> - bool first_instance;
> - uint64_t previous;
> + char buf[STATE_CERT_MAX_SIZE] = {0};
> + struct state_certificate *sc;
> + struct license_key_info *lki;
> + uint32_t offset = 0;
> + uint32_t count = 0;
> FILE *cert_ptr;
> - int i, ret, size;
> + int ret, size;
>
> ret = sdsi_update_registers(s);
> if (ret)
> return ret;
>
> if (!s->regs.en_features.sdsi) {
> - fprintf(stderr, "SDSi feature is present but not enabled.");
> + fprintf(stderr, "On Demand feature is present but not enabled.");
> fprintf(stderr, " Unable to read state certificate");
> return -1;
> }
> @@ -198,32 +286,74 @@ static int sdsi_certificate_dump(struct sdsi_dev *s)
> return -1;
> }
>
> - size = fread(state_certificate, 1, sizeof(state_certificate), cert_ptr);
> + size = fread(buf, 1, sizeof(buf), cert_ptr);
> if (!size) {
> fprintf(stderr, "Could not read 'state_certificate' file\n");
> fclose(cert_ptr);
> return -1;
> }
> + fclose(cert_ptr);
>
> - printf("%3d: 0x%lx\n", 0, state_certificate[0]);
> - previous = state_certificate[0];
> - first_instance = true;
> + sc = (struct state_certificate *)buf;
>
> - for (i = 1; i < (int)(round_up(size, sizeof(uint64_t))/sizeof(uint64_t)); i++) {
> - if (state_certificate[i] == previous) {
> - if (first_instance) {
> - puts("*");
> - first_instance = false;
> - }
> - continue;
> + /* Print register info for this guid */
> + printf("\n");
> + printf("State certificate for device %s\n", s->dev_name);
> + printf("\n");
> + printf("Content Type: %s\n", content_type(sc->content_type));
> + printf("Region Revision ID: %d\n", sc->region_rev_id);
> + printf("Header Size: %d\n", sc->header_size * 4);
> + printf("Total Size: %d\n", sc->total_size);
> + printf("OEM Key Size: %d\n", sc->key_size * 4);
> + printf("Number of Licenses: %d\n", sc->num_licenses);
> +
> + /* Skip over the license sizes 4 bytes per license) to get the license key info */
> + lki = (void *)sc + sizeof(*sc) + (4 * sc->num_licenses);
> +
> + printf("License blob Info:\n");
> + printf(" License Key Revision ID: 0x%x\n", lki->key_rev_id);
> + printf(" License Key Image Content: 0x%lx%lx%lx%lx%lx%lx\n",
> + lki->key_image_content[5], lki->key_image_content[4],
> + lki->key_image_content[3], lki->key_image_content[2],
> + lki->key_image_content[1], lki->key_image_content[0]);
> +
> + while (count++ < sc->num_licenses) {
> + uint32_t blob_size_field = *(uint32_t *)(buf + 0x14 + count * 4);
> + uint32_t blob_size = LICENSE_BLOB_SIZE(blob_size_field);
> + bool license_valid = LICENSE_VALID(blob_size_field);
> + struct license_blob_content *lbc =
> + (void *)(sc) + // start of the state certificate
> + sizeof(*sc) + // size of the state certificate
> + (4 * sc->num_licenses) + // total size of the blob size blocks
> + sizeof(*lki) + // size of the license key info
> + offset; // offset to this blob content
> + struct bundle_encoding *bundle = (void *)(lbc) + sizeof(*lbc);
> + char feature[5];
> + uint32_t i;
> +
> + printf(" Blob %d:\n", count - 1);
> + printf(" License blob size: %u\n", blob_size);
> + printf(" License is valid: %s\n", license_valid ? "Yes" : "No");
> + printf(" License blob type: %s\n", license_blob_type(lbc->type));
> + printf(" License blob ID: 0x%lx\n", lbc->id);
> + printf(" PPIN: 0x%lx\n", lbc->ppin);
> + printf(" Previous PPIN: 0x%lx\n", lbc->previous_ppin);
> + printf(" Blob revision ID: %u\n", lbc->rev_id);
> + printf(" Number of Features: %u\n", lbc->num_bundles);
> +
> + feature[4] = '\0';
> +
> + for (i = 0; i < min(lbc->num_bundles, STATE_MAX_NUM_IN_BUNDLE); i++) {
> + get_feature(bundle[i].encoding, feature);
> + printf(" Feature %d: %s\n", i, feature);
> }
> - printf("%3d: 0x%lx\n", i, state_certificate[i]);
> - previous = state_certificate[i];
> - first_instance = true;
> - }
> - printf("%3d\n", i);
>
> - fclose(cert_ptr);
> + if (lbc->num_bundles > STATE_MAX_NUM_IN_BUNDLE)
> + fprintf(stderr, " Warning: %d > %d licenses in bundle reported.\n",
> + lbc->num_bundles, STATE_MAX_NUM_IN_BUNDLE);
> +
> + offset += blob_size;
> + };
>
> return 0;
> }
> @@ -231,7 +361,7 @@ static int sdsi_certificate_dump(struct sdsi_dev *s)
> static int sdsi_provision(struct sdsi_dev *s, char *bin_file, enum command command)
> {
> int bin_fd, prov_fd, size, ret;
> - char buf[4096] = { 0 };
> + char buf[STATE_CERT_MAX_SIZE] = { 0 };
> char cap[] = "provision_cap";
> char akc[] = "provision_akc";
> char *prov_file;
> @@ -266,7 +396,7 @@ static int sdsi_provision(struct sdsi_dev *s, char *bin_file, enum command comma
> }
>
> /* Read the binary file into the buffer */
> - size = read(bin_fd, buf, 4096);
> + size = read(bin_fd, buf, STATE_CERT_MAX_SIZE);
> if (size == -1) {
> close(bin_fd);
> close(prov_fd);
> @@ -443,25 +573,26 @@ static void sdsi_free_dev(struct sdsi_dev *s)
>
> static void usage(char *prog)
> {
> - printf("Usage: %s [-l] [-d DEVNO [-iD] [-a FILE] [-c FILE]]\n", prog);
> + printf("Usage: %s [-l] [-d DEVNO [-i] [-s] [-a FILE] [-c FILE]]\n", prog);
> }
>
> static void show_help(void)
> {
> printf("Commands:\n");
> - printf(" %-18s\t%s\n", "-l, --list", "list available sdsi devices");
> - printf(" %-18s\t%s\n", "-d, --devno DEVNO", "sdsi device number");
> - printf(" %-18s\t%s\n", "-i --info", "show socket information");
> - printf(" %-18s\t%s\n", "-D --dump", "dump state certificate data");
> - printf(" %-18s\t%s\n", "-a --akc FILE", "provision socket with AKC FILE");
> - printf(" %-18s\t%s\n", "-c --cap FILE>", "provision socket with CAP FILE");
> + printf(" %-18s\t%s\n", "-l, --list", "list available On Demand devices");
> + printf(" %-18s\t%s\n", "-d, --devno DEVNO", "On Demand device number");
> + printf(" %-18s\t%s\n", "-i, --info", "show socket information");
> + printf(" %-18s\t%s\n", "-s, --state", "show state certificate");
> + printf(" %-18s\t%s\n", "-a, --akc FILE", "provision socket with AKC FILE");
> + printf(" %-18s\t%s\n", "-c, --cap FILE>", "provision socket with CAP FILE");
> }
>
> int main(int argc, char *argv[])
> {
> char bin_file[PATH_MAX], *dev_no = NULL;
> + bool device_selected = false;
> char *progname;
> - enum command command = CMD_NONE;
> + enum command command = -1;
> struct sdsi_dev *s;
> int ret = 0, opt;
> int option_index = 0;
> @@ -470,21 +601,22 @@ int main(int argc, char *argv[])
> {"akc", required_argument, 0, 'a'},
> {"cap", required_argument, 0, 'c'},
> {"devno", required_argument, 0, 'd'},
> - {"dump", no_argument, 0, 'D'},
> {"help", no_argument, 0, 'h'},
> {"info", no_argument, 0, 'i'},
> {"list", no_argument, 0, 'l'},
> + {"state", no_argument, 0, 's'},
> {0, 0, 0, 0 }
> };
>
>
> progname = argv[0];
>
> - while ((opt = getopt_long_only(argc, argv, "+a:c:d:Da:c:h", long_options,
> + while ((opt = getopt_long_only(argc, argv, "+a:c:d:hils", long_options,
> &option_index)) != -1) {
> switch (opt) {
> case 'd':
> dev_no = optarg;
> + device_selected = true;
> break;
> case 'l':
> sdsi_list_devices();
> @@ -492,8 +624,8 @@ int main(int argc, char *argv[])
> case 'i':
> command = CMD_SOCKET_INFO;
> break;
> - case 'D':
> - command = CMD_DUMP_CERT;
> + case 's':
> + command = CMD_STATE_CERT;
> break;
> case 'a':
> case 'c':
> @@ -520,39 +652,35 @@ int main(int argc, char *argv[])
> }
> }
>
> - if (!dev_no) {
> - if (command != CMD_NONE)
> - fprintf(stderr, "Missing device number, DEVNO, for this command\n");
> - usage(progname);
> - return -1;
> - }
> + if (device_selected) {
> + s = sdsi_create_dev(dev_no);
> + if (!s)
> + return -1;
>
> - s = sdsi_create_dev(dev_no);
> - if (!s)
> - return -1;
> + switch (command) {
> + case CMD_SOCKET_INFO:
> + ret = sdsi_read_reg(s);
> + break;
> + case CMD_STATE_CERT:
> + ret = sdsi_state_cert_show(s);
> + break;
> + case CMD_PROV_AKC:
> + ret = sdsi_provision_akc(s, bin_file);
> + break;
> + case CMD_PROV_CAP:
> + ret = sdsi_provision_cap(s, bin_file);
> + break;
> + default:
> + fprintf(stderr, "No command specified\n");
> + return -1;
> + }
> +
> + sdsi_free_dev(s);
>
> - /* Run the command */
> - switch (command) {
> - case CMD_NONE:
> - fprintf(stderr, "Missing command for device %s\n", dev_no);
> - usage(progname);
> - break;
> - case CMD_SOCKET_INFO:
> - ret = sdsi_read_reg(s);
> - break;
> - case CMD_DUMP_CERT:
> - ret = sdsi_certificate_dump(s);
> - break;
> - case CMD_PROV_AKC:
> - ret = sdsi_provision_akc(s, bin_file);
> - break;
> - case CMD_PROV_CAP:
> - ret = sdsi_provision_cap(s, bin_file);
> - break;
> - }
> -
> -
> - sdsi_free_dev(s);
> + } else {
> + fprintf(stderr, "No device specified\n");
> + return -1;
> + }
>
> return ret;
> }
@@ -22,11 +22,24 @@
#include <sys/types.h>
+#ifndef __packed
+#define __packed __attribute__((packed))
+#endif
+
+#define min(x, y) ({ \
+ typeof(x) _min1 = (x); \
+ typeof(y) _min2 = (y); \
+ (void) (&_min1 == &_min2); \
+ _min1 < _min2 ? _min1 : _min2; })
+
#define SDSI_DEV "intel_vsec.sdsi"
#define AUX_DEV_PATH "/sys/bus/auxiliary/devices/"
#define SDSI_PATH (AUX_DEV_DIR SDSI_DEV)
#define GUID 0x6dd191
#define REGISTERS_MIN_SIZE 72
+#define STATE_CERT_MAX_SIZE 4096
+#define STATE_MAX_NUM_LICENSES 16
+#define STATE_MAX_NUM_IN_BUNDLE (uint32_t)8
#define __round_mask(x, y) ((__typeof__(x))((y) - 1))
#define round_up(x, y) ((((x) - 1) | __round_mask(x, y)) + 1)
@@ -49,6 +62,7 @@ struct availability {
uint64_t reserved:48;
uint64_t available:3;
uint64_t threshold:3;
+ uint64_t reserved2:10;
};
struct sdsi_regs {
@@ -63,17 +77,55 @@ struct sdsi_regs {
uint64_t socket_id;
};
+#define CONTENT_TYPE_LK_ENC 0xD
+#define CONTENT_TYPE_LK_BLOB_ENC 0xE
+
+struct state_certificate {
+ uint32_t content_type;
+ uint32_t region_rev_id;
+ uint32_t header_size;
+ uint32_t total_size;
+ uint32_t key_size;
+ uint32_t num_licenses;
+};
+
+struct license_key_info {
+ uint32_t key_rev_id;
+ uint64_t key_image_content[6];
+} __packed;
+
+#define LICENSE_BLOB_SIZE(l) (((l) & 0x7fffffff) * 4)
+#define LICENSE_VALID(l) (!!((l) & 0x80000000))
+
+// License Group Types
+#define LBT_ONE_TIME_UPGRADE 1
+#define LBT_METERED_UPGRADE 2
+
+struct license_blob_content {
+ uint32_t type;
+ uint64_t id;
+ uint64_t ppin;
+ uint64_t previous_ppin;
+ uint32_t rev_id;
+ uint32_t num_bundles;
+} __packed;
+
+struct bundle_encoding {
+ uint32_t encoding;
+ uint32_t encoding_rsvd[7];
+};
+
struct sdsi_dev {
struct sdsi_regs regs;
+ struct state_certificate sc;
char *dev_name;
char *dev_path;
int guid;
};
enum command {
- CMD_NONE,
CMD_SOCKET_INFO,
- CMD_DUMP_CERT,
+ CMD_STATE_CERT,
CMD_PROV_AKC,
CMD_PROV_CAP,
};
@@ -168,20 +220,56 @@ static int sdsi_read_reg(struct sdsi_dev *s)
return 0;
}
-static int sdsi_certificate_dump(struct sdsi_dev *s)
+static char *license_blob_type(uint32_t type)
+{
+ switch (type) {
+ case LBT_ONE_TIME_UPGRADE:
+ return "One time upgrade";
+ case LBT_METERED_UPGRADE:
+ return "Metered upgrade";
+ default:
+ return "Unknown license blob type";
+ }
+}
+
+static char *content_type(uint32_t type)
+{
+ switch (type) {
+ case CONTENT_TYPE_LK_ENC:
+ return "Licencse key encoding";
+ case CONTENT_TYPE_LK_BLOB_ENC:
+ return "License key + Blob encoding";
+ default:
+ return "Unknown content type";
+ }
+}
+
+static void get_feature(uint32_t encoding, char *feature)
+{
+ char *name = (char *)&encoding;
+
+ feature[3] = name[0];
+ feature[2] = name[1];
+ feature[1] = name[2];
+ feature[0] = name[3];
+}
+
+static int sdsi_state_cert_show(struct sdsi_dev *s)
{
- uint64_t state_certificate[512] = {0};
- bool first_instance;
- uint64_t previous;
+ char buf[STATE_CERT_MAX_SIZE] = {0};
+ struct state_certificate *sc;
+ struct license_key_info *lki;
+ uint32_t offset = 0;
+ uint32_t count = 0;
FILE *cert_ptr;
- int i, ret, size;
+ int ret, size;
ret = sdsi_update_registers(s);
if (ret)
return ret;
if (!s->regs.en_features.sdsi) {
- fprintf(stderr, "SDSi feature is present but not enabled.");
+ fprintf(stderr, "On Demand feature is present but not enabled.");
fprintf(stderr, " Unable to read state certificate");
return -1;
}
@@ -198,32 +286,74 @@ static int sdsi_certificate_dump(struct sdsi_dev *s)
return -1;
}
- size = fread(state_certificate, 1, sizeof(state_certificate), cert_ptr);
+ size = fread(buf, 1, sizeof(buf), cert_ptr);
if (!size) {
fprintf(stderr, "Could not read 'state_certificate' file\n");
fclose(cert_ptr);
return -1;
}
+ fclose(cert_ptr);
- printf("%3d: 0x%lx\n", 0, state_certificate[0]);
- previous = state_certificate[0];
- first_instance = true;
+ sc = (struct state_certificate *)buf;
- for (i = 1; i < (int)(round_up(size, sizeof(uint64_t))/sizeof(uint64_t)); i++) {
- if (state_certificate[i] == previous) {
- if (first_instance) {
- puts("*");
- first_instance = false;
- }
- continue;
+ /* Print register info for this guid */
+ printf("\n");
+ printf("State certificate for device %s\n", s->dev_name);
+ printf("\n");
+ printf("Content Type: %s\n", content_type(sc->content_type));
+ printf("Region Revision ID: %d\n", sc->region_rev_id);
+ printf("Header Size: %d\n", sc->header_size * 4);
+ printf("Total Size: %d\n", sc->total_size);
+ printf("OEM Key Size: %d\n", sc->key_size * 4);
+ printf("Number of Licenses: %d\n", sc->num_licenses);
+
+ /* Skip over the license sizes 4 bytes per license) to get the license key info */
+ lki = (void *)sc + sizeof(*sc) + (4 * sc->num_licenses);
+
+ printf("License blob Info:\n");
+ printf(" License Key Revision ID: 0x%x\n", lki->key_rev_id);
+ printf(" License Key Image Content: 0x%lx%lx%lx%lx%lx%lx\n",
+ lki->key_image_content[5], lki->key_image_content[4],
+ lki->key_image_content[3], lki->key_image_content[2],
+ lki->key_image_content[1], lki->key_image_content[0]);
+
+ while (count++ < sc->num_licenses) {
+ uint32_t blob_size_field = *(uint32_t *)(buf + 0x14 + count * 4);
+ uint32_t blob_size = LICENSE_BLOB_SIZE(blob_size_field);
+ bool license_valid = LICENSE_VALID(blob_size_field);
+ struct license_blob_content *lbc =
+ (void *)(sc) + // start of the state certificate
+ sizeof(*sc) + // size of the state certificate
+ (4 * sc->num_licenses) + // total size of the blob size blocks
+ sizeof(*lki) + // size of the license key info
+ offset; // offset to this blob content
+ struct bundle_encoding *bundle = (void *)(lbc) + sizeof(*lbc);
+ char feature[5];
+ uint32_t i;
+
+ printf(" Blob %d:\n", count - 1);
+ printf(" License blob size: %u\n", blob_size);
+ printf(" License is valid: %s\n", license_valid ? "Yes" : "No");
+ printf(" License blob type: %s\n", license_blob_type(lbc->type));
+ printf(" License blob ID: 0x%lx\n", lbc->id);
+ printf(" PPIN: 0x%lx\n", lbc->ppin);
+ printf(" Previous PPIN: 0x%lx\n", lbc->previous_ppin);
+ printf(" Blob revision ID: %u\n", lbc->rev_id);
+ printf(" Number of Features: %u\n", lbc->num_bundles);
+
+ feature[4] = '\0';
+
+ for (i = 0; i < min(lbc->num_bundles, STATE_MAX_NUM_IN_BUNDLE); i++) {
+ get_feature(bundle[i].encoding, feature);
+ printf(" Feature %d: %s\n", i, feature);
}
- printf("%3d: 0x%lx\n", i, state_certificate[i]);
- previous = state_certificate[i];
- first_instance = true;
- }
- printf("%3d\n", i);
- fclose(cert_ptr);
+ if (lbc->num_bundles > STATE_MAX_NUM_IN_BUNDLE)
+ fprintf(stderr, " Warning: %d > %d licenses in bundle reported.\n",
+ lbc->num_bundles, STATE_MAX_NUM_IN_BUNDLE);
+
+ offset += blob_size;
+ };
return 0;
}
@@ -231,7 +361,7 @@ static int sdsi_certificate_dump(struct sdsi_dev *s)
static int sdsi_provision(struct sdsi_dev *s, char *bin_file, enum command command)
{
int bin_fd, prov_fd, size, ret;
- char buf[4096] = { 0 };
+ char buf[STATE_CERT_MAX_SIZE] = { 0 };
char cap[] = "provision_cap";
char akc[] = "provision_akc";
char *prov_file;
@@ -266,7 +396,7 @@ static int sdsi_provision(struct sdsi_dev *s, char *bin_file, enum command comma
}
/* Read the binary file into the buffer */
- size = read(bin_fd, buf, 4096);
+ size = read(bin_fd, buf, STATE_CERT_MAX_SIZE);
if (size == -1) {
close(bin_fd);
close(prov_fd);
@@ -443,25 +573,26 @@ static void sdsi_free_dev(struct sdsi_dev *s)
static void usage(char *prog)
{
- printf("Usage: %s [-l] [-d DEVNO [-iD] [-a FILE] [-c FILE]]\n", prog);
+ printf("Usage: %s [-l] [-d DEVNO [-i] [-s] [-a FILE] [-c FILE]]\n", prog);
}
static void show_help(void)
{
printf("Commands:\n");
- printf(" %-18s\t%s\n", "-l, --list", "list available sdsi devices");
- printf(" %-18s\t%s\n", "-d, --devno DEVNO", "sdsi device number");
- printf(" %-18s\t%s\n", "-i --info", "show socket information");
- printf(" %-18s\t%s\n", "-D --dump", "dump state certificate data");
- printf(" %-18s\t%s\n", "-a --akc FILE", "provision socket with AKC FILE");
- printf(" %-18s\t%s\n", "-c --cap FILE>", "provision socket with CAP FILE");
+ printf(" %-18s\t%s\n", "-l, --list", "list available On Demand devices");
+ printf(" %-18s\t%s\n", "-d, --devno DEVNO", "On Demand device number");
+ printf(" %-18s\t%s\n", "-i, --info", "show socket information");
+ printf(" %-18s\t%s\n", "-s, --state", "show state certificate");
+ printf(" %-18s\t%s\n", "-a, --akc FILE", "provision socket with AKC FILE");
+ printf(" %-18s\t%s\n", "-c, --cap FILE>", "provision socket with CAP FILE");
}
int main(int argc, char *argv[])
{
char bin_file[PATH_MAX], *dev_no = NULL;
+ bool device_selected = false;
char *progname;
- enum command command = CMD_NONE;
+ enum command command = -1;
struct sdsi_dev *s;
int ret = 0, opt;
int option_index = 0;
@@ -470,21 +601,22 @@ int main(int argc, char *argv[])
{"akc", required_argument, 0, 'a'},
{"cap", required_argument, 0, 'c'},
{"devno", required_argument, 0, 'd'},
- {"dump", no_argument, 0, 'D'},
{"help", no_argument, 0, 'h'},
{"info", no_argument, 0, 'i'},
{"list", no_argument, 0, 'l'},
+ {"state", no_argument, 0, 's'},
{0, 0, 0, 0 }
};
progname = argv[0];
- while ((opt = getopt_long_only(argc, argv, "+a:c:d:Da:c:h", long_options,
+ while ((opt = getopt_long_only(argc, argv, "+a:c:d:hils", long_options,
&option_index)) != -1) {
switch (opt) {
case 'd':
dev_no = optarg;
+ device_selected = true;
break;
case 'l':
sdsi_list_devices();
@@ -492,8 +624,8 @@ int main(int argc, char *argv[])
case 'i':
command = CMD_SOCKET_INFO;
break;
- case 'D':
- command = CMD_DUMP_CERT;
+ case 's':
+ command = CMD_STATE_CERT;
break;
case 'a':
case 'c':
@@ -520,39 +652,35 @@ int main(int argc, char *argv[])
}
}
- if (!dev_no) {
- if (command != CMD_NONE)
- fprintf(stderr, "Missing device number, DEVNO, for this command\n");
- usage(progname);
- return -1;
- }
+ if (device_selected) {
+ s = sdsi_create_dev(dev_no);
+ if (!s)
+ return -1;
- s = sdsi_create_dev(dev_no);
- if (!s)
- return -1;
+ switch (command) {
+ case CMD_SOCKET_INFO:
+ ret = sdsi_read_reg(s);
+ break;
+ case CMD_STATE_CERT:
+ ret = sdsi_state_cert_show(s);
+ break;
+ case CMD_PROV_AKC:
+ ret = sdsi_provision_akc(s, bin_file);
+ break;
+ case CMD_PROV_CAP:
+ ret = sdsi_provision_cap(s, bin_file);
+ break;
+ default:
+ fprintf(stderr, "No command specified\n");
+ return -1;
+ }
+
+ sdsi_free_dev(s);
- /* Run the command */
- switch (command) {
- case CMD_NONE:
- fprintf(stderr, "Missing command for device %s\n", dev_no);
- usage(progname);
- break;
- case CMD_SOCKET_INFO:
- ret = sdsi_read_reg(s);
- break;
- case CMD_DUMP_CERT:
- ret = sdsi_certificate_dump(s);
- break;
- case CMD_PROV_AKC:
- ret = sdsi_provision_akc(s, bin_file);
- break;
- case CMD_PROV_CAP:
- ret = sdsi_provision_cap(s, bin_file);
- break;
- }
-
-
- sdsi_free_dev(s);
+ } else {
+ fprintf(stderr, "No device specified\n");
+ return -1;
+ }
return ret;
}